The VPC Networking Model is designed to simplify network and security management, offering an experience similar to public cloud platforms.
Key Components of VPC Networking
| Component | Function |
|---|---|
| Provider Gateway (Tier-0) | Connects virtual networks to the physical infrastructure; handles routing and advertises network ranges; can be shared across tenants |
| Transit Gateway (TGW) | Connects VPCs to each other and to the provider gateway; can bypass provider gateway via Distributed Transit Gateway (DTGW) fully distributed routing but limited features |
| VPC (Virtual Private Cloud) | Dedicated network space for workloads; contains subnets (NSX logical networks); East-West traffic is allowed unless blocked by Distributed Firewall |
Subnet Types in a VPC
| Subnet Type | Description |
|---|---|
| Private VPC | No external routing; NAT required for external connectivity |
| Private TGW | Cannot route north of the TGW; NAT required for northbound traffic; southbound traffic allowed |
| Public | Routable outside the TGW; accessible from external endpoints depending on provider gateway routing |
The VPC model is great for self-service cloud users while still giving network teams oversight when needed.
Segment Networking Model
The Segment Networking Model is more traditional and familiar to NSX users. It is a 2-tier network layout, giving administrators full control over network configuration.
Key Components of Segment Networking
| Component | Function |
|---|---|
| Tier-0 Gateway | Connects virtual networks to physical infrastructure; supports static and dynamic routing; always managed by provider admin |
| Tier-1 Gateway | Default gateway for workloads; must connect to a Tier-0 Gateway; can be managed by provider or tenant admin (if part of an NSX Project) |
| Segment | Logical network (NSX logical segment); connects to Tier-1 gateways; corresponds to a subnet in the VPC model |
Segment networking is best when administrators need tight control over all networking aspects, without self-service options for users.
example is shown
Choosing Between VPC and Segment Networking
- VPC Networking: Offers simplicity, automation, and a cloud-like self-service model. Ideal for environments where tenants manage their own workloads.
- Segment Networking: Provides granular control for administrators. Recommended when centralized network management is required or specific NSX features are needed.
This structure should give you a complete view of networking in VCF-9. Both models coexist in VCF, letting you choose the approach that best fits your organizational needs.
(Visited 35 times, 2 visits today)